apple_badger
About
- Username
- apple_badger
- Joined
- Visits
- 52
- Last Active
- Roles
- member
- Points
- 202
- Badges
- 0
- Posts
- 86
Reactions
-
VPNs and Online Gaming: Protecting your data and reducing lag
"Where a VPN comes in is that it could act as a major route on the information superhighway that is the internet. While your normal ISP-based route for your packets could take a congested or slow path to the destination, a VPN could help you bypass the slow bits.
If you're playing on far-away servers, such as those in a different continent to where you are, it could be better to use a VPN server. Using one that exits on that continent will reduce the number of hops required."
This is either completely wrong or phrased oddly. If, by some weird chance it ever happens that using a VPN improves anything to do with latency, it's some odd accident that almost certainly won't happen on a regular basis. -
Apple's latest security update is important, but the mass-media response is unhinged
hmlongco said:apple_badger said:That's not how vulnerability chaining doesn't work. Safari is already downloaded and running on your device and CVE-2022-32893 potentially gives an attacker the ability to use Safari to leverage CVE-2022-32894. -
Apple's latest security update is important, but the mass-media response is unhinged
hmlongco said:apple_badger said:CVE-2022-32893 is an arbitrary code execution bug in Webkit.
CVE-2022-32894 is an arbitrary code execution with kernel privileges bug.
Both have been addressed in this update.
It's not, "A remote code execution flaw in webkit paired with the ability to execute arbitrary code with kernel privileges is really, really, *really* bad. " They're not "paired", they're two distinct issues. -
Apple's latest security update is important, but the mass-media response is unhinged
hmlongco said:apple_badger said:I'm going to respectfully disagree here. Speaking as someone who heads up Information security for an organization, this may not be as quite bad as it gets (it won't kill your dog), but it's darn close. A remote code execution flaw in webkit paired with the ability to execute arbitrary code with kernel privileges is really, really, *really* bad.
CVE-2022-32893 is an arbitrary code execution bug in Webkit.
CVE-2022-32894 is an arbitrary code execution with kernel privileges bug.
Both have been addressed in this update. -
Apple's latest security update is important, but the mass-media response is unhinged
cpsro said:apple_badger said:I'm going to respectfully disagree here. Speaking as someone who heads up Information security for an organization, this may not be as quite bad as it gets (it won't kill your dog), but it's darn close. A remote code execution flaw in webkit paired with the ability to execute arbitrary code with kernel privileges is really, really, *really* bad.
(I'm not being critical of Apple here; I'm disagreeing with this story's downplaying of the importance of this update. It's *very* important, and it's very important to update sooner rather than later)
Edit to add: The time from publication of a vulnerability to attempted exploitation is now measured in hours, not days or weeks. When something like this is made public then its value as something to be used in targeted attacks against only high value targets is effectively zero. There's no reason for bad actors to exercise restraint at this point.